Trust & Privacy
This page is maintained by Water Home BD to answer common security and privacy questions about our services.
Access & Authentication
We use email-and-password authentication with optional Google sign-in. Passwords are hashed and stored securely by our authentication provider. Admin panel access is restricted to users with verified admin or editor roles. All role checks are enforced server-side.
Data Protection
Order, customer, and payment records are protected by row-level security policies. Only the record owner or an authorized admin can access or modify sensitive data. Product and order data mutations happen through server functions, not directly from the browser.
What We Collect
We collect contact details (name, email, phone, address) needed to fulfill orders and service requests. Browsing behavior may be tracked via Google Analytics, Google Tag Manager, or Meta Pixel when those integrations are enabled by site administrators. We do not sell personal data to third parties.
Cookies & Analytics
We use essential cookies for authentication and session management. Analytics cookies are used only when an admin has configured Google Analytics, Tag Manager, or Meta Pixel. You can manage cookie preferences through your browser settings.
Retention & Deletion
We retain order and customer records for as long as necessary to provide support, honor warranties, and meet business requirements. You may request deletion of your personal data by contacting us; we will process verifiable requests in accordance with applicable law.
Privacy Requests & Contact
For data-access, correction, or deletion requests, email hello@waterhomebd.com or use the Contact Us page. We aim to respond to privacy inquiries within 5 business days.
Security Reporting
If you discover a vulnerability, please report it to hello@waterhomebd.com with enough detail to reproduce the issue. We ask that you allow reasonable time for us to address the issue before public disclosure.
Platform & Shared Responsibility
This website is built and hosted on the Lovable platform. Platform-level infrastructure, database hosting, and CDN delivery are provided by Lovable and its underlying cloud partners. The statements on this page describe the application-level controls we have implemented and our operational practices. They do not represent an independent certification, audit, or legal guarantee.
Security is a shared responsibility: we manage application access controls and data handling practices, while the platform manages infrastructure patching, network isolation, and availability. If you have questions about platform-level security, please contact us and we will route your inquiry appropriately.